A senior Canadian government official has given a conference of infosec pros a peek at the coming updated federal cyber security strategy without divulging many details, including whether police and intelligence agencies will get more money and how Ottawa will encourage small and medium businesses to take information security more seriously.

Flexibility to meet changing cyber threats and collaborating with the provinces and the private sector were constant themes in the keynote speech Tuesday by Colleen Merchant, director general of national cyber security at Public Safety Canada to the annual SecTor conference in Toronto.

Colleen Merchant, Public Safety Canada

“The fundamental goal of our plan for cyber security is to maximize the benefits of digital life for Canadian citizens and businesses,” she said.

“As the cyber security environment has matured, it’s become clear that an effective plan to achieve this goal has based to be on principles that can endure and allow us to be flexible.

The new approach – expected to be released in the next three months – will be guided by five principles:

–Protect the safety and security of Canadians online and Canada’s critical infrastructure;

–Promote and protect rights and freedoms online;

–Recognize and encourage the importance of cyber security for business, economic growth and prosperity;

–Adapt and respond to emerging technologies and changing conditions;

–Collaborate and co-ordinate across jurisdictions and sectors to collectively increase Canada’s cyber security.

“these principles will guide Canada’s response to an array of trends, challenges and opportunities in cyber security,” she said.

“We’re entering a truly pivotal point, a very exciting time in defining a new approach to cyber security for our country. The federal government is committed to doing all we can to ensure a cyber secure future, and we are going to continue to proactively evolve collaborative work with diverse partners in doing so.”

She also urged the infosec community to be open minded, work together and promote cyber security.

One slight hint of things that may be part of the government’s thinking was her mention of “emerging opportunities we see in this space,” which could be a reference to supporting the number of cyber security-related companies in Canada, from BlackBerry to startups working on quantum computing.

At one point she said the government knows there are “lot of experts working hard to make this country a world leader in cyber security [solutions], and moving forward the federal government can play a central role in several areas.”

The country’s current cyber security strategy was drafted in 2010 by the Harper government, setting the goal of protecting the integrity of government systems, critical assets, combating cyber crime and protecting Canadians online.

However, as Merchant noted, since 2010 cyber attacks have increased and are more complex. Last fall the Trudeau government opened a public consultation on an updated strategy.

The broad goals of 2010 are similar to the five principles Merchant laid out. No one expects the new strategy’s basics will be different.

But a new strategy could put emphasis in different places or add new components. Among them could be

–creating or encouraging a process for small and medium businesses that pass a test to be certified as “cyber secure,” following the lead of the United Kingdom. The idea is to promote confidence in online commerce. New Brunswick has adopted that program and will shortly announce how it will roll out in other provinces.

–more money for federal cyber institutions such as the RCMP, the Canadian Security Establishment (the country’s spy agency, which is also charged with protecting federal networks), the Canadian Anti-Fraud Centre and the Canadian Cyber Incident Response Centre (CCIRC). Many police forces have been urging Ottawa to set up and fund a National Cyber Crime Co-ordination Centre where small and medium businesses would report cyber incidents (enterprises would report to CCIRC). It would also be a data collection and reporting source;

Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomedia [@] gmail.com